The FBI issued a warning about a group using silent ransom attacks and callback phishing to carry out network hacks.
Due to increased exploitation of vulnerabilities in third-party vendors’ and services’ remote access, as well as casino servers, the FBI issued a warning. They also drew attention to a recent development in which ransomware perpetrators target smaller tribal casinos by way of gaming vendors. Accessing employees’ and customers’ sensitive personal data and encrypting servers are the objectives. The attackers increase their network permissions by using authorized system management tools. The advisory made special reference to the Silent Ransom Group’s (SRG) operations.
A group known as Luna Moth or Silent Ransom Group (SRG) is allegedly conducting callback phishing attacks, per the FBI’s advisory. Attackers use deception to trick victims into clicking on phishing links that seem to be urgent notifications on their accounts.
Also Read : India’s Bug Bounty Hunters on the Rise: Simple and Strong in Cybersecurity Game
The ransomware operators direct victims to download authentic system management tools from an email link after they contact the number they have provided. The gang then employs these instruments, along with other legal but modified instruments, to carry out destructive operations. SRG breaches network-shared drives and local files, takes data, and then demands a ransom.
In his explanation of callback phishing, Roger Grimes from Knowbe4 referred to it as a cunning variation of phishing. Callback phishing is a type of scam where the victim is tricked by a phone number instead of a URL. The messages show a phone number and convey a sense of urgency through unclickable images. Callers are urged to dial the number; if they do, they may be put through to foreign call centers or—as the FBI has noted—may speak with the attacker’s call center.
Grimes claims that the primary goal of callback phishing, regardless of the source—ransomware groups or individual con artists—is to persuade the target to install malicious software.
More sophisticated callback methods no longer rely on building unique trojans or backdoors. Attackers now utilize completely or semi-legitimately approved remote access applications that are frequently utilized by users and administrators to control computers. Attackers can install more malicious software, run scripts, and even keep an eye on the victim’s screen once these programs are exploited.
A single image serves as the entire message in callback phishing. The text in the picture is not readable by many anti-phishing filters. Furthermore, in order to identify whether a phone number is malicious or not, these filters will not read it. It can be challenging to determine whether a phishing scam is malicious because, in essence, it consists of a single picture file.
The FBI advises routine maintenance of offline, encrypted, and immutable data backups as a defense against such attacks. To stop data from being used in questionable ways, it’s also essential to routinely assess the security procedures of external software/hardware providers and third-party vendors.
Organizations can implement these security measures to protect themselves from the Silent Ransom Group (SRG) and other similar threats:
- Maintain backups: Backup data should be encrypted and stored offline.
- Update on a regular basis: Update operating systems and software.
- Make a plan for responding: Have a strategy in place for handling ransomware attacks.
- Make secure passwords: Establish strong password guidelines and think about using multi-factor authentication.
- Train staff members: Employees should be trained on callback phishing attacks and how to avoid them.